Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The NSX Distributed Firewall must off-load audit records onto a centralized log server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-69151 | VNSX-FW-000090 | SV-83755r1_rule | Medium |
| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. This does not apply to audit logs generated on behalf of the device itself (management). |
| STIG | Date |
|---|---|
| VMware NSX Distributed Firewall Security Technical Implementation Guide | 2016-06-27 |
Details
| Check Text ( C-69589r1_chk ) |
|---|
| Log into vSphere Web Client with credentials authorized for administration, navigate and select the ESXi host and click "Manage" >> "Advanced System Settings", and enter "Syslog.global.logHost" in the filter. Verify the correct setting for "Syslog.global.logHost" to the hostname of your syslog server. If this setting does not specify the appropriate syslog server on each ESXi host, this is a finding. |
| Fix Text (F-75337r2_fix) |
|---|
| Log into vSphere Web Client with credentials authorized for administration, navigate and select the ESXi host and click "Manage" >> "Advanced System Settings", and enter "Syslog.global.logHost" in the filter. Verify the correct setting for "Syslog.global.logHost" to the hostname of your syslog server. Verify each ESXi host is set to a remote syslog server. |